Re: Permissions needed for a Windows Forms Control to call a WebService

From: Heath Stewart (nospam.clubstew@hotmail.com)
Date: 11/25/02


From: "Heath Stewart" <nospam.clubstew@hotmail.com>
Date: Mon, 25 Nov 2002 00:45:22 -0600


You're right, Dan, and it's not a difficult problem to solve. I spent a lot
of time on the phone and email with MSDN about the problem and it's being
fixed in .NET 1.1. Currently, embedded controls have absolutely no
permissions so your control will not run while embedded in Internet Explorer
without modification to your code groups. You also must not use any
SystemColor enumeration members in your main control otherwise Internet
Explorer won't display it either.

You should read more about .NET security so that you can better customize
your code group, but here are some tips:

1. Internet Explorer (or IEExec.exe, rather) only passes Host evidence, so
things like X.509 certificates and StrongNames are not presented to the
AppDomain that IEExec creates. Only Host, Url, and Zone are passed as
evidence.

2. Caspol.exe and the "Microsoft .NET Framework Configuration" tool in the
"Administrative Tools" folder are helpful. For information about Caspol.exe,
make sure the .NET framework SDK and runtime directories are in your path
(something I hope they fix for .NET 1.1, too) and type caspol.exe -h at the
command line. For instance, to change the Intranet_Zone to full trust (not
recommended, especially in larger companies), you would type:

caspol.exe -m -cg "LocalIntranet_Zone" FullTrust

To reset the Machine policy level (dictated by the -m above), you would
type:

caspol.exe -m -rs

3. Rather than opening your computer to attacks because the .NET security
model is somewhat different from previous models (similar to Java, but more
advanced), granularize your permission sets and security zones and don't
needlessly open things such as setting the Internet zone to FullTrust. This
is a common mistake among new .NET developers (heck, even more experienced
ones).

4. Check out the entire System.Security namespaces if you'd like to look at
it from a developer perspective. That'll cover code groups, policy levels,
permission sets, evidence, etc.

--
Heath Stewart
Senior Software Architect
Proplanner.NET: Web-based Production Planning Solutions
http://www.proplanner.net
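
Added example, not part of the original post: a caspol.exe session that scopes trust to one URL (Url evidence is among what IEExec passes, per tip 1) instead of raising a whole zone to FullTrust. The URL, group name and description are constructed placeholders, and label 1 assumes the default policy where All_Code is the root group.

```bat
@echo off
rem Added example; the URL and group name below are constructed placeholders.
rem Run from a prompt where the .NET Framework directory is on PATH.

set CONTROL_URL=http://intranet.example.com/controls/*
set GROUP_NAME=Intranet_Controls_Url

rem 1. List the machine-level code groups with their numeric labels.
rem    Confirm that label 1 is the root All_Code group before continuing.
caspol.exe -m -lg

rem 2. Add a child code group under label 1 whose membership condition is
rem    the URL the control is served from. It grants the built-in
rem    LocalIntranet named permission set rather than FullTrust, and it
rem    applies only to code whose Url evidence matches CONTROL_URL.
caspol.exe -m -ag 1 -url %CONTROL_URL% LocalIntranet -n "%GROUP_NAME%" -d "Controls hosted on the intranet server"

rem 3. List the groups again to verify the new group and its permission set.
caspol.exe -m -lg

rem To undo only this change (instead of resetting all policy with -rs),
rem remove the group by name:
rem    caspol.exe -m -rg "%GROUP_NAME%"
```

If the control needs a permission that LocalIntranet does not contain, define a custom named permission set and reference it in step 2 in place of LocalIntranet, keeping the URL membership condition.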

